CVE-2003-1204

Name of the Vulnerable Software and Affected Versions Mambo Site Server versions 4.0.12 BETA and earlier

Description The issue allows remote attackers to execute scripts on other clients via multiple parameters in various PHP files, including the link parameter in "sectionswindow.php", the directory parameter in "gallery.php", "navigation.php", or "uploadimage.php", the path parameter in "view.php", the choice parameter in "upload.php", the sitename parameter in "mambosimple.php", the type parameter in "upload.php", or the id parameter in "emailarticle.php", "emailfaq.php", or "emailnews.php".

Recommendations For Mambo Site Server versions 4.0.12 BETA and earlier, update to a version later than 4.0.12 BETA to resolve the issue. As a temporary workaround, consider restricting access to the affected PHP files until a patch is available. Avoid using the vulnerable parameters in the affected API endpoints until the issue is resolved.